
Network World

Security Strategies Alert


Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

Security news and resources from Network World.
Context for discussions of mandatory certification
02/10/10
In this third article, I look at the wider context of certification and licensing for a range of professionals in the United States and point to the efforts beginning in the early 2000s to force certification for IA officers in the US Department of Defense.
More evidence of value of security certification
02/08/10
This is the second of five articles discussing the benefits (if any) of security certifications in the job market. In the first article, a number of studies suggested that certifications do indeed improve prospects for hiring and higher salaries.
Do IA certifications improve hiring, promotion & salaries?
02/03/10
The economic doldrums that struck the US and the rest of the world in 2008 and 2009 are not over yet, although the New Year brings hope of recovery.
Fact, fiction and the Internet
02/01/10
In their simplest form, many social networking sites are not much more than online diaries. Whether you're thinking of Bridget Jones or Adrian Mole, Alan Clark or Samuel Pepys, most of us realize that a diary is just someone's personal view, and not a reliable source of indisputable information. Most of us except for financial institutions, that is, or so it appears.
IMPERVAious to common sense
01/27/10
In December 2009, 32 million passwords stored without encryption on the Rockyou.com Web site were stolen and published on the Web for anyone to see. The security firm IMPERVA published a thorough analysis of these passwords to see how a large sample of users – not just those responding to a survey – actually manage their personal authentication.
Informing victims of identity theft
01/25/10
Until recently, information assurance (IA) personnel and attorneys specializing in this area of the law have had to search for the appropriate governing laws for each jurisdiction. In this column, I review a valuable resource for locating the laws which apply to disclosure of personally identifiable information (PII) in each state in the United States and internationally.
IC3 includes identity theft in statistics
01/20/10
Identity theft has been a major and growing problem in the United States for several years. The Privacy Rights Clearinghouse, a "nonprofit consumer organization with a two-part mission -- consumer information and consumer advocacy" has an excellent survey page with pointers to years of published studies and point-form summaries of many of their findings.
Windows 7 troubles and business continuity
01/19/10
Do you ever simultaneously feel like an idiot and also grateful that you've done at least something – anything – right?
Pirate's cove: Defenses
01/13/10
This final article in a series of four articles examines issues of defense against cyber pirates. In laws and regulations, distinctions are not made between passive defenses, such as firewalls, anti-malware and other conventional defenses, and active defenses such as counter attacks. Perhaps such distinctions are necessary.
Pirate's cove: The eastern havens
01/11/10
This third in a series of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes discusses the environment or climate affecting the activities of cyber pirates and privateers.
Pirate's Cove: The western havens
01/06/10
This is the second in a set (see part 1) of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes that examines the threat of cyber crime in business-to-business (B2B) activities. This part presents some top-level findings and analyses about the environment or climate affecting the activities of pirates and privateers in North America, Europe and the former Soviet Union.
Pirate's Cove: Setting the stage
01/04/10
The need for protection against cyber crime is ever increasing, especially considering the volume of personally identifiable information (PII) and financial transactions which corporations and financial institutions manage on a daily basis.
Internet addiction in China: Some teens harshly treated
12/23/09
Internet growth in China has been phenomenal. According to the Miniwatts Marketing Group's "Internet World Stats," between 2000 and 2009, the estimated number of Internet users in the People's Republic grew from 23 million to 338 million and the penetration percentage grew from 1.7% to 25.3%.
Debate over Internet "Addiction"
12/21/09
Kimberly S. Young is a clinical psychologist who has been working on what she calls Internet addiction since the mid-1990s.
Internet habit? Dependency? Addiction? Pop psychology?
12/16/09
The popular press is full of articles braying news about Internet addiction; try typing "Internet addiction" into the search field of your favorite search engine and start browsing. A Google search in mid-December brought up 768,000 English, French and German pages on the topic.
Traveling to dictatorships
12/14/09
In 1994, I was asked to lead a delegation of information security experts from the United States and the People's Republic of China. When not on the West Coast, and in our preparatory briefing, I warned the members of our delegation to be on their guard at all times once they entered the PRC.
H4ck3rs are people too: Film review
12/09/09
During the 1990s, the term "hacker" became synonymous with "cracker," which is a person who performs some form of computer sabotage. The association is understandable. In order to be an effective cracker, you had to be a good hacker, thus the terms got intertwined, and hacker won out in the popular press.
The Fruit of the Poisoned Tree
12/07/09
Should we hire criminal hackers as security experts? This is the second of a two-part attack on the idea from a 1995 debate in which I participated.
Why Criminal Hackers Must Not Be Rewarded
12/02/09
In 1995, I participated in a debate with distinguished security expert Robert D. Steele, a vigorous proponent of open-source intelligence.
SANS official talks security
11/30/09
This is the second of two parts of an interview of Stephen Northcutt by technologist David Greer.
Information security and business strategy Part 1
11/23/09
I've known David Greer for over 25 years and have always enjoyed his intelligence, good humor and creativity. And Stephen Northcutt is so widely published, cited and respected in our field that I had trouble deciding which of his many Web sites to cite. It is a great pleasure to publish Greer's interview of Northcutt in two parts.
Advice to beginners
11/18/09
The assigned topic was how students could best work effectively in software development groups. With the instructor's agreement, I decided to discuss some beliefs, attitudes and behavior that can help students entering the workforce for the first time as interns or new employees make the best of their opportunities.
A different kind of antiviral donation for Africa
11/16/09
Africa is suffering from yet another plague: this one infects their computers instead of their communities.
IA job prospects bright
11/11/09
No one reading this column needs general references to news about the economic difficulties we are living through in the United States and elsewhere. Just the other day, I spoke with a long-time friend and colleague from the information security field who used to earn a decent living as a much sought-after consultant; last week he canceled his business telephone line to save money. He's looking for a permanent job.
Detailing contingency planning
11/09/09
Despite the inclusion of "for Federal Information Systems" in the title, SP 800-34 Rev 1 has a great deal of value for all information assurance and business continuity specialists.


M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.
